Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 14 Dec 2006 21:44:54 +0200 (EET)

After the public release we have to accept the fact that the PoC will be possibly accessible outside of exploit sites 
The overall risk of the issue is increasing.
To confirm the existence of PoC it was listed in several references like

The metadata information of 12122006-djtest.doc states the following:

Created: 16th Aug 2006
Author: sarahbl

- Juha-Matti

Gadi Evron <ge () linuxbox org> wrote:
On Tue, 12 Dec 2006, Joxean Koret wrote:
> > Wow! That's fun! The so called "Word 0 day" flaw also affects
> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> with the file:

This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
mode, on a mailing list (fuzzing mailing list).

I am not sure why I got this 10 times now, I thought the days of these
bounces were over. But I am tired of seeing every full-disclosure
vulnerability called a 0day anymore.

A 0day, whatever definition you use, is used in the wild before people are
aware of it.

> > joxean () joxeankoret $ abiword 12122006-djtest.doc > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek
> joxean () joxeankoret $ ooffice 12122006-djtest.doc
> OpenOffice.org lockfile found (/home/joxean/.openoffice/1.1.3/.lock)
> Using existing OpenOffice.org
> Application Errorsh: line 1: crash_report: command not found
> Application Error
> > Fatal exception: Signal 6


  By Date           By Thread  

Current thread:
  • Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Juha-Matti Laurio (Dec 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]